REMARKS 

Claims 1, 9-11, 14-17, and 25-27 are amended. Claims 2-5, 13, 18-23, and 28 are canceled. 
Claims 29-32 have been added. Claims 1, 6, 7, 9-11, 14-17, 25-27, and 29-32 are pending in the 
application. The amendments as indicated herein do not add any new matter to this application. 

SUMMARY OF THE REJECTIONS 

Claims 1-7, 17-23 and 25-28 were rejected under 35 U.S.C. § 102(e) as being anticipated, 
allegedly, by Exton, et al., U.S. Patent No. 6,910,041 ("Exton"). 

Claims 9-11 and 13-16 were rejected under 35 U.S.C. § 102(e) as being anticipated, 
allegedly, by Bell, et al., U.S. Patent No. 6,880,005 ("Bell"). 

All of these rejections are traversed, respectfully, for at least the reasons discussed below. 

REJECTIONS OF CLAIMS 1-7, 17-23, AND 25-28 

Claims 2-5, 18-23, and 28 have been canceled, thereby obviating the rejection of those 
claims. 

As amended, Claim 1 recites, among other features, "wherein identifying the dimensional 
range for each policy action specified in the first access control list and in the second access control 
list comprises at least one step from a set of steps comprising: identifying a source Internet 
Protocol (IP) address range and a destination IP address range for communication packets 
specified by each of the entries in the first access control list and in the second access control list; 
identifying a source port range and a destination port range for communication packets specified 
by each of the entries in the first access control list and in the second access control list; and 
identifying a communication protocol for communication packets specified by each of the entries 
in the first access control list and in the second access control list." 

Although Exton mentions access control lists (ACLs), Exton does not disclose any of an IP 
address range specified by entries in an ACL, a port range specified by entries in an ACL, or a 
communication protocol specified by entries in an ACL. In Exton, the ACL entries comprise an 
entry (such as "user" or "group," to indicate what kind of entry it is), a name (e.g., "boss"), and an 
operation field (e.g., "w" for change password permission, "a" for add user permission, etc.) (see 
ACLs 510 in FIG. 5A, and col. 5, lines 4-38). None of the information in Exton's ACL entries is an 
IP address range, a port range, or a communication protocol. 

If the next Office Action maintains this rejection, then Applicants respectfully request that 
the next Office Action at least expressly identify specifically what field, in Exton's ACL entries, is 
supposed to be analogous to the IP address range, port range, or communication protocol recited 
in Claim 1. 

As is explained above, Exton fails to disclose "wherein identifying the dimensional range for 
each policy action specified in the first access control list and in the second access control list 
comprises at least one step from a set of steps comprising: identifying a source Internet Protocol 
(IP) address range and a destination IP address range for communication packets specified by 
each of the entries in the first access control list and in the second access control list; identifying a 
source port range and a destination port range for communication packets specified by each of 
the entries in the first access control list and in the second access control list; and identifying a 
communication protocol for communication packets specified by each of the entries in the first 
access control list and in the second access control list" as recited in Claim 1. Consequently, Claim 
1 is patentable over Exton under 35 U.S.C. § 102(e). 

Additionally, although the cited portions of Exton discuss matching a user to an entry in an 
ACL, they contain absolutely no discussion of determining whether a sub-entry in a first ACL is 
equivalent to a sub-entry in a second ACL as required by Claim 1 ("determining whether each first 
sub-entry in the first access control list is equivalent to at least one of the second sub-entries"). 
Exton does not compare sub-entries of two separate ACLs like the method of Claim 1 does. The 
"user" discussed in the cited portions of Exton is not an ACL entry or sub-entry, and is not derived 
from an ACL entry or sub-entry. 

The method of Claim 1 is used to determine whether two separate ACLs are functionally 
equivalent to each other ("programmatically determining whether a first access control list is 
functionally equivalent to a second access control list"). The approach discussed in the cited 
portions of Exton cannot be used to make such a determination. Exton's approach never determines 
whether two separate ACLs are functionally equivalent. Instead, the approach discussed in the cited 
portions of Exton merely uses a single ACL to determine whether a particular user has permission to 
perform a specified operation relative to a specified resource. 

In short, the approach disclosed in the cited portions of Exton has nothing to do with 
determining whether two separate ACLs are functionally equivalent. The approach disclosed in the 
cited portions of Exton does not involve the comparison of sub-entries from separate ACLs as the 
method of Claim 1 does. 

For at least the above reasons, Claim 1 is patentable over Exton under 35 U.S.C. § 102(e). 

Claims 17, 25, and 26 are computer-readable medium, system, and policy server versions, 
respectively, of Claim 1. Therefore, Claims 17, 25, and 26 are patentable over Exton under 35 
U.S.C. § 102(e) for at least the reasons set forth above relative to Claim 1. 

Claims 6 and 7 depend from Claim 1. Claims 29 and 30 depend from Claim 25. Claims 27, 
31, and 32 depend from Claim 26. By virtue of their dependence from the independent claims from 
which they depend, these dependent claims comprise the distinguished features of the independent 
claims from which they depend. Therefore, Claims 6, 7, 27, and 29-32 are patentable over Exton 
under 35 U.S.C. § 102(e) for at least the reasons set forth above relative to Claims 1, 25, and 26. 

REJECTIONS OF CLAIMS 9-11 AND 13-16 

Claim 13 has been canceled, thereby obviating the rejection of that claim. 

As amended, Claim 9 recites, among other features, "wherein using the conflict rule to 
determine the policy action comprises selecting one of the first policy and the second policy based 
on a selected policy of the first and second policies being newer than an unselected policy of the 
first and second policies." A similar feature was once recited in Claim 13, which is now canceled. 

In the rejection of Claim 13, the Office Action alleged that Bell disclosed a similar feature in 
col. 4, lines 9-35. This section of Bell discusses how, in order for an action "X" to be performed, at 
least one of a set of rules "r" must be true. The Office Action apparently analogizes Bell's "rules" 
to the "policies" recited in Claim 9. However, this section of Bell says nothing about a policy (or 
rule) being selected based on whether that policy (or rule) is newer than another policy (or rule). 
The truth of a rule has nothing to do with the novelty of a policy (or rule) relative to other policies 
(or rules). 

A thorough reading of Bell does not reveal any passage in which a policy is selected based 
on whether that policy is newer than another policy. 

Therefore, Bell does not disclose "wherein using the conflict rule to determine the policy 
action comprises selecting one of the first policy and the second policy based on a selected policy 
of the first and second policies being newer than an unselected policy of the first and second 
policies" as recited in Claim 9. Consequently, Claim 9 is patentable over Bell under 35 U.S.C. § 
102(e). 

The cited portion of Bell also does not disclose, teach, or suggest "identifying all non- 
overlapping dimensional ranges in the first access control list" as recited in Claim 9. 

For at least the above reasons, Claim 9 is patentable over Bell under 35 U.S.C. § 102(e). 

Claims 10, 11, and 14-16 depend from Claim 9. By virtue of their dependence from Claim 9, 
these dependent claims comprise the features of Claim 9 distinguished from Bell above. Therefore, 
Claims 10, 11, and 14-16 are patentable over Bell for at least the reasons set forth above relative to 
Claim 9. 



CONCLUSION 

For the reasons set forth above, it is respectfully submitted that all of the pending claims are 
now in condition for allowance. Therefore, the issuance of a formal Notice of Allowance is believed 
next in order, and that action is most earnestly solicited. 

The Examiner is respectfully requested to contact the undersigned by telephone if it is 
believed that such contact would further the examination of the present application. 

If any applicable fee is missing or insufficient, throughout the pendency of this application, 
the Commissioner is hereby authorized to charge any applicable fees and to credit any overpayments to our 
Deposit Account No. 50-1302. 



Respectfully submitted, 



HICKMAN PALERMO TRUONG & BECKER LLP 






Christian A. Nicholes 
Reg. No. 50,266 



2055 Gateway Place, Suite 550 
San Jose, California 95110-1089 
Telephone No.: (408) 414-1080 
Facsimile No.: (408) 414-1076 